Question No: 21

Which algorithm provides both encryption and authentication for plane communication?

RC4

SHA-384

AES-256

SHA-96

3DES

AES-GCM

Answer: F

Question No: 22

Which Cisco adaptive security appliance command can be used to view the IPsec PSK of a tunnel group in cleartext?

more system:running-config

show running-config crypto

show running-config tunnel-group

show running-config tunnel-group-map

clear config tunnel-group

show ipsec policy

Answer: A

Question No: 23

Which algorithm is replaced by elliptic curve cryptography in Cisco NGE?

3DES

AES

DES

RSA

Answer: D

Question No: 24

Which protocols does the Cisco AnyConnect client use to build multiple connections to the security appliance?

TLS and DTLS

IKEv1

L2TP over IPsec

SSH over TCP

Answer: A

Question No: 25

Refer to the exhibit.

Which authentication method was used by the remote peer to prove its identity?

Extensible Authentication Protocol

certificate authentication

pre-shared key

XAUTH

Answer: C

Question No: 26

An XYZ Corporation systems engineer, while making a sales call on the ABC Corporation headquarters, tried to access the XYZ sales demonstration folder to transfer a demonstration via FTP from an ABC conference room behind the firewall. The engineer could not reach XYZ through the remote-access VPN tunnel. From home the previous day, however, the engineer did connect to the XYZ sales demonstration folder and transferred the demonstration via IPsec over DSL.

To get the connection to work and transfer the demonstration, what should the engineer do?

Change the MTU size on the IPsec client to account for the change from DSL to cable transmission.

Enable the local LAN access option on the IPsec client.

Enable the IPsec over TCP option on the IPsec client.

Enable the clientless SSL VPN option on the PC.

Answer: C

Explanation:

IP Security (IPsec) over Transmission Control Protocol (TCP) enables a VPN Client to operate in an environment in which standard Encapsulating Security Protocol (ESP, Protocol 50) or Internet Key Exchange (IKE, User Datagram Protocol (UDP) 500) cannot function, or can function only with modification to existing firewall rules. IPsec over TCP encapsulates both the IKE and IPsec protocols within a TCP packet, and it enables secure tunneling through both Network Address Translation (NAT) and Port Address Translation (PAT) devices and firewalls.

Question No: 27

Which benefit of FlexVPN is not offered by DMVPN using IKEv1?

Dynamic routing protocols can be configured.

IKE implementation can install routes in routing table.

GRE encapsulation allows for forwarding of non-IP traffic.

NHRP authentication provides enhanced security.

Answer: B

Question No: 28

Scenario:

You are the senior network security administrator for your organization. Recently, a junior engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco ASA and a remote branch office.

You are now tasked with verifying the IKEv1 IPsec installation to ensure it was properly configured according to designated parameters. Using the CLI on both the Cisco ASA and branch ISR, verify that IPsec is properly configured between the two sites.

NOTE: the show running-config command cannot be used for this exercise.

Topology:

Which crypto map tag is being used on the Cisco ASA?

outside_cryptomap

VPN-to-ASA

L2L_Tunnel

outside_map1

Answer: D

Explanation:

This is seen from the “show crypto ipsec sa” command on the ASA.

Question No: 29

Refer to the exhibit.

You have implemented an SSL VPN as shown. Which type of communication takes place between the secure gateway R1 and the Cisco Secure ACS?

HTTP proxy

AAA

policy

port forwarding

Answer: B

Question No: 30

Which option describes the purpose of the shared argument in the DMVPN interface command tunnel protection IPsec profile ProfileName shared?

shares a single profile between multiple tunnel interfaces

allows multiple authentication types to be used on the tunnel interface